Reinforce Your Aws Security Posture, At Multiple Levels

Often, we hear about publicly exposed AWS S3 buckets or security attacks, such as DDoS, brute-force, etc. Every problem in AWS, be it security, compliance, or bill spikes, was/is due to engineering problems. When it comes to AWS security, wrong Security Group (SG) configurations seems to top the charts.    

AWS security audits cannot be a fortnightly activity as generally practiced. It must be an everyday activity. As AWS practitioners, we all know this is effort intensive, especially with manual approach of using AWS console.

If you are an SMB or an enterprise, you will have hundreds of instances running in multiple SGs. Just imagine the amount of time invested just for DeSecOps activities to maintain the security posture.  

Moreover, maintaining security posture on AWS is not an one-man army fight. Security is everyone’s responsibility. It’s teamwork between a CISO or a CTO and his team of DevSecOps or DevOps engineers. Everyone needs to understand the security posture of their AWS accounts at multiple levels, from their respective job roles’ perspective, right from top level to granular level, to this end.

A Focused Visual Environment Offering Real-Time AWS Security Cues

In a dynamic AWS ecosystem, where several resources are provisioned, scaled up or scaled down on-demand, chances of overlooking misconfigurations are high. Because, rules defined under SGs are buried under KBs of code and visualizing traffic flow from logs of VPC flow log data is immensely challenging for a human mind.  

A single console offering visual cues to any security vulnerabilities, to everyone in the team, helps identify such vulnerabilities 100X faster!

Lets walk you through a couple of security audits a CXO or a DevSecOps engineer must perform. Watch how easy it is to perform on a visual console!

Case in Point #1

Checking for open TCP/UDP ports associated with relevant IP and security groups:

Unrestricted inbound/ingress access to TCP/UDP ports can invite malicious activity. The typical plan of action is to keep a check on instances’ SGs for inbound rules that allow unrestricted access (i.e. to any of these ports and restrict access to only those IP addresses that require it to implement the principle of least privilege.

On the AWS console, you need to hop between Network and Security section and then Security groups via EC2 or RDS dashboard. Check for the tabs shown below the tabulated list. This might take few minutes depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress and check for SGs containing resources that allow data outside the Infrastructure at a glance.

Observe the video below:

This will take anywhere between 5 to 10 seconds, irrespective of the number of instances you are using.

Case in Point #2

Finding SSH open ports and ensuring they are used only for jump box/bastion hosts

Securing network security at the subnet level using a bastion host, NAT instances, or NAT Gateways helps in protecting data. An SG allowing bastion connectivity for existing private instances must only accept SSH or RDP inbound requests from bastion hosts across AZs.

Whereas, the inbound & outbound traffic must be restricted at the protocol level, where in the inbound rule base should accept SSH connections only from the specific IP addresses. The outbound connection should again be restricted to SSH or RDP access to the private instances of your AWS infrastructure.  

On the AWS console, you need to go to VPC console, scroll down to SGs and check for inbound and outbound data under each SG. This might take few minutes to hours depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress and check for SGs containing resources that allow data outside the Infrastructure at a glance.

Observe the video below:

Conclusion: A Centralized Focus View with Visual Cues for Real-time DevSecOps

Change is the only constant. In a dynamic cloud setup, several teams engage. Having a centralized view of live data that acts as visual cues to vulnerabilities, helps identifying security issues in real-time. The ability to zoom in and zoom out at multiple levels, along with the capability to filter out traffic rules, helps everyone in the team to act and secure their infrastructure.

With immersive visualization of such data, anyone in the team can perform continuous security and understand security posture 100X faster and better compared to dashboards. TotalCloud’s Security View is exactly that! Do give it a try!

If you are looking to understand AWS Network stack at a glance, read this post.

Reinforce Your Aws Security Posture, At Multiple Levels

Smart Scheduling at your fingertips

Go from simple to smart, real-time AWS resource scheduling to save cost and increase team productivity.

Learn More
More Posts

You Might Also Like

Cloud Computing
How To Migrate To Azure Faster?
Migrating from on premise data centers to a cloud provider is always considered a difficult endeavor. From the cost, to the planning and resource allocation, plenty of preliminary work is gone to setting up a cloud infrastructure. Which is why, Microsoft Azure’s new program stands to benefit many organizations still on the fence about migrating to the cloud.
July 21, 2021
Cloud Computing
Everything You Need To Know About Kubernetes Scheduler
When creating a Kubernetes cluster, scheduling the pod to an available node is an important component of the process. This component works under specific rules and technicalities that I’d like to explore in this article...
September 23, 2020
Cloud Computing
20 Cloud Influencers You Should Be Following in 2020
It’s important to follow the right individuals so that you remain on the loop and always find yourself learning things that you were unaware of. These thought leaders and influencers can only be the avenues by which you meet other interesting technologists.
September 23, 2020
Cloud Automation
New In: No-code cloud management workflows for Azure, VMware & Private Cloud (in addition to AWS)
At TotalCloud, we’ve been enabling workflow-based cloud management for AWS to make it intuitive, accelerated, and no-code. Instead of programming cloud management use cases or depending on siloed solutions, we built out a platform that gives you building blocks to assemble any cloud management solution. 
September 4, 2020
Cloud Computing
List of Essential Kubernetes Tools
Kubernetes is a Container-as-a-Service with tons of unique tools to choose from. External tools play a role in integrating with different systems or maintaining control over the clusters you deploy. Manual health checks and troubleshooting is not ideal to keep a system in full health.This list of tools will provide ample support to your containers and have enough configuration to leave management flexible...
August 12, 2020
AWS Use Case Files
TotalCloud Inventory Actions: Giving a new meaning to Cloud Inventory
Learn how the TotalCloud Inventory Dashboard can become equivalent to your cloud provider’s SDK. Carry out any action on any discovered resource with Inventory Actions.
July 30, 2020